Computer networks, such as those provided at a workplace, university, or other organization, are often configured to allow users to gain access to a network remotely through virtual private networks (VPNs), customized network settings, and/or other technologies. To be granted access, users are generally required to authenticate to the remote network. Authentication may involve users providing various authentication factors, such as passwords, token codes, and personal identification numbers (PINs). Authentication factors may be received as part of authentication requests by an authentication server, which either grants or denies access, based on whether authentication factors provided with the requests match expected values.
A common authentication scheme involves token codes. Token codes may be used alone or in combination with other authentication factors. Token codes, also known as one-time passwords, or “OTPs,” are generated automatically, such as by portable devices (i.e., “hard tokens”), which may be distributed to users. Hard tokens are specialized devices, such as key fobs, which are designed to produce token codes at regular intervals. To authenticate to a remote network, a user enters the token code displayed by the hard token in a field of a network login screen on the user's computer. Access to the remote network may then be granted or denied based on whether the authentication server can verify the token code. An example of a hard token is the SecurID® token code generator, which is available from RSA Security Inc. of Bedford, Mass.
Recently, software has been developed to perform the functions of hard tokens on smart mobile devices, such as smart phones, PDAs, and tablets. These “soft tokens” generate token codes at regular intervals and are displayed on display screens of the mobile devices. As with token codes from hard tokens, token codes from soft tokens are manually entered by users in login screens of the users' computers. Access to remote networks is then either granted or denied based on whether the token codes from the soft tokens match expected values.